kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Reject inappropriate private key encryption ciphers.

Browse Source 
The traditional private key encryption algorithm doesn't function
properly if the IV length of the cipher is zero. These ciphers
(e.g. ECB mode) are not suitable for private key encryption
anyway.

(Imported from upstream's 4436299296cc10c6d6611b066b4b73dc0bdae1a6.)

Change-Id: I218c9c1d11274ef11b7c0cfce380521efa415215
Reviewed-on: https://boringssl-review.googlesource.com/7840
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2016-05-03 07:33:29 -04:00 committed by Adam Langley
parent b83c680d03
commit d230a0c890
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/pem/pem_lib.c
View File

@ -262,7 +262,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
if (enc != NULL) { if (enc != NULL) {
objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc)); objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
if (objstr == NULL) { if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
OPENSSL_PUT_ERROR(PEM, PEM_R_UNSUPPORTED_CIPHER); OPENSSL_PUT_ERROR(PEM, PEM_R_UNSUPPORTED_CIPHER);
goto err; goto err;
} }